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Briefing  Overview 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


•The  environment~>push  &  pull;  the  evolution  of 
threats  &  technology 

•DoD’s  vision~>Decision  Dominance  enabled  by 
network  centric  operations  ‘netcentricity’ 

•The  DoD  IA  Community  response  &  challenges 

•The  DoD  -  Industry  Relationship 

•Key  Influences  on  the  DoD  -  Industry  Relationship 
•Policies 
•Summary 


The  Changing  Face  of  Cyber  Threat 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Current  Situation  Assessment 

•  Global  access  to  information 

•  Networks  emerging  as  centers  of  gravity 

•  Geographic  and  infrastructure  boundaries 
meaningless 

•  Critical  infrastructures/  sectors  are  targets 

•  Cyber  response  problematic 

•  Anonymity  makes  tracing  difficult 

•  Technology  has  given  rise  to  new  threats 


Low  -< - Probability  of  occurrence  - >•  High 


Source:  1996  DSB  Summer  Study 


Individual  Hacker  Criminal  /  Disgruntled  Employee  Terrorist  /  Nation-State 

Intrusion  Crime  Attack 

•  Access  •  Theft  •  Exploitation 

•  Challenge  •  Alteration  •  Degradation 

•  Ego  •  Destruction  •  Destruction 


◄ 


Most  Likely 


Least  Likely 


► 


Annoyance 


Strategic  Impact 
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Gartner’s  Top  10  Technologies 

2002-2007 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


•Gartners  top  10  technologies  (2002-2007) 

•Biometric  authentication 
•Speech  recognition 
•web  services 
•portals 

•always-on  wireless  data  &  communications 
•converged  networks 
•digital  wallets  &  interest  portfolios 
•wireless  LAN 

•privacy  management  technology 
•instant  messaging 

•Venture  Capital  “hot”  investment  areas  for  2002:  INFRASTRUCTURE 
•network,  systems,  security  and  data  infrastructure 

What  are  the  security  implications  of  these  technologies?! 

+  •  w  SliHo  4 


Enabling  Full  Spectrum  Dominance 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


DoD  Vision 


Dedicated  individuals  and  innovative 
organizations  transforming  the  joint 
force  for  the  21st  Century  to  achieve 
Full  Spectrum  Dominance : 

•  Persuasive  in  peace 

•  Decisive  in  war 

•  Preeminent  in  any  form  of  conflict 


One  Team  -  One  Vision 


Future  DoD  Operations 

“NetCentricity  ” 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


•Defines  future  warfare  transformed  by  information  technology 
•Focuses  on  battlefield  entities,  information  flows,  and  their  interactions 
•Describes  strategy,  operations,  tactics  &  doctrine  that  takes  advantage 
of  information  technology 


Requires  a  Global  Information  Grid 

•Massed  effects  not  forces 
•Delivers  “Power  to  the  Edge” 

•Highly  aware  forces 
•Increased  operational  speed  &  agility 
•Optimized  environment  for  improved 
decision  making  (C2) 


Seeks  to  reduce  or  eliminate  tlw  constraints  of_ space  &  time 
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“Netcentricity” 

Increases  Demand  for  New  &  Improved  IA  Capabdities 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Embedded  IA  services/management  in  nodes/links 

-  Adaptive,  automated  configuration  and  remote  operation  of 
components/systems 

High  confidence,  scaleable  supporting  infrastructures 

New  skill  sets  of  flexibility,  coping  with  higher  levels  of  ambiguity  and 
uncertainty  and  to  operate  under  growing  levels  of  pressure 

Well  integrated  assurance  tools  into  development,  deployment, 
employment,  support  mechanisms 

-  ID  need/opportunity 

-  Define  response 

-  Design  implementations 

-  Develop  capabilities 

-  Deploy  (deliver)  result 

-  Employ  (use) 

-  Support  (maintain,  sustain) 

-  Enforce,  assess-evaluate,  insight-oversight 
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DoD  Information  Assurance  Model 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Information  Assurance  enables  Information  Dominance 


DoD  Information 
Vision  Assurance 


f  •  Attack  and  Sensing 

•  Alert  and  Warning 

•  Network  Centric 
Operations 


Security  Enabled  Solutions 
Global  Grid 

Public  Key  Infrastructure 
Science  and  Technology 


•  Centers  of  Excellence 

•  Attract,  Retain,  Sustain 
(Leverage  Industry  Experts) 

V.  *  Training  and  Awareness 


Technology 


ye1 


oV 


i\* 


Sectors 

DoD 

Business  Sectors 
Private  Citizens 
State/Local 
International 


Information 

Dominance 


i 
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Vision  &  Goals 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


VISION:  “Mission  Dominance  through  Dynamic  IA” 

KEY  TENETS: 

•Globalization  mandates  partnerships  (Allies  &  Industry) 

•Consumer  IT  markets  heavily  influence  operational  requirements  (develop 
proactive  IA  solutions) 

•IA  is  an  enterprise-wide  capability  that  demands  decisions  from  an  enterprise 
perspective  (process  change) 

•Users  demand  agility,  transparency,  &  intrinsic  trust  in  the  global  information  grid. 

(user  driven) 

GOALS: 

•PROTECT  INFORMATION:  Maintaining  the  essential  qualities  of  information. 
•DEFEND  NETWORKS:  Assure  vulnerabilities  are  not  exploited;  we  are  aware 
of  exploitation  attempts  AND  take  action  to  avert  risks. 

•CREATE  IA  SITUATIONAL  A WARENE S S/C2 :  Build  Confidence  in  our  ways 
&  means;  respond  faster  than  our  adversaries. 

•MAINTAIN  ROBUST  INFRASTRUCTURES:  Enable  the  ability  to  adapt  to 
uncertainties  and  ambiguities  in  the  environment. 
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IA  Strategic  Focus  (By  Domain) 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Major  Focus 


•  GLOBAL  Domain 


•  US  Domain 


•  FEDERAL  Domain 


DEFENSE  Domain 


■=> 

■=> 

■=> 


Assured  collaboration  with  Allies  and  in 
Coalition  operations 

Appropriate  ventures  with  the  private 
sector  -  maintaining  cutting  edge 
solutions  vis  a  vis  privacy  issues 

Influence  information  assurance  in 
homeland  defense 

Protect  Information,  Defend  Networks, 
Create  IA  Situational  Awareness/C2, 
Maintain  Robust  Infrastructures 


Develop  policies  concurrent!^  with  the  implementation  of  a  capability 
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A  New  I A  Strategic  Framework 

Consumer  Focused,  Collaborative  Base,  Dynamic  in  Nature 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


INVESTMENT  STRATEGIES 


ENDURING 

GOALS 

Protect 

Information 

Defend  Networks 

Create  IA  Situational 
Awareness/C2 


Maintain  Robust 
Infrastructures 


Sustain  Transform  Leap- Ahead 
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Information  Dominance  -  Operations 


Alert  and  Warning 

The  Challenge: 

To  share  critical 
vulnerability  information 
rapidly  with  international 
and  domestic  partners. 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


t* 


Attack  and  Sensing 

The  Challenge: 
Early  detection  of 
malicious  activities. 


Network  Centric  Operations 

The  Challenge: 

To  establish  a  common  operational  picture 
and  avoid  information  stovepipes. 
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Information  Dominance  -  People 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Centers  of  Academic 
Excellence  in  IA  Education 

The  Challenge: 

To  develop  the  future  workforce 
and  increase  the  number  of 
professionals  with  IA  expertise. 


GOAL:  ATTRACT, 
SUSTAIN,  AND 
RETAIN  IA 
PROFESSIONALS 


Training  and  Awareness 


The  Challenge: 

To  keep  the  current  workforce 
ahead  of  the  IT  curve  with 
new  educational  programs 
and  professional  IA  training. 
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Information  Dominance  -  Technology 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Science  and  Technology 

The  Challenge: 

To  rapidly  develop  and 
implement  innovative  security 
solutions 


‘Taproot  of  Information  Superiority’1 


Archives  „  „ 
pit,  Teraflop 

Processor 


"Security 

Shells" 


"Thousands  of  Images,” 
Numerous  SIGINT  Products 


GEO  Spatial 
"MOADB" 

Army  Battle 


Intel 

DIA 

NMIC 

PAC0M  Washington  DC 
Virtual  H  | 


EUCOM  H 

eucomhqH  usacom  ATM  FASTLANEs^' 


gt 

1 

Wm 

1 

hv'T 

DISA 

x' 

B  f* 

2.4  Gbps 


/ft  Vtol  ^ 

WP  Workspace 


Global  Grid 

The  Challenge: 

To  keep  pace  with  information 
demands  while  ensuring 
security. 


Thousands  of  Analysts, 
Supporting  Functions 


•  High  Speed  Comms 

•  End-to-End  Security 

•  Interoperability 
•HDTV  Visualization 

•  Commercially  Derived 


100,000s  of  Forces, 
1,000s  of  Platforms, 
Plug  and  Play  Coalition 


SINCGARS,  F-16s/UH-60s/Longbow  Apache, 
A2C2  Radiant  Hail/Viper/Port  Royal,  EA-6B 


Information  Dominance  -  Technology 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Security  Enabled  Solutions 

The  Challenge: 

To  acquire  products  and  applications  that 
contain  security  robustness. 


Server 


Public  Key  Infrastructure 


Public  Key  Infrastructure 

The  Challenge: 

To  provide  authentication, 
confidentiality,  inter-operability,  and 
access  control  throughout  the  enterprise. 


Telephone 

Defend 
Computing 
Environment 

Local  Enclave 


Remote 
Dial-In 
User 

Defend  Networks 
and  Infrastructure 


Wireless 


Desktop 


u 


Defend 

Enclave 

Boundary 


Combat  Radio 
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Many  Players,  Many  Perspectives 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


•  Products  &  Services 

•  Technology 


Industry 

•  Product  Vendors 

•  System  Integrators 

•  Testers/Evaluators 

•  Network/Information 
Service  Providers 

•Professional  Service 
Providers 

•  Infrastructure 
Owners/Operators 


DoD  IA  Market 


Requirements 


Consumers 

CINCS/Services 

OSD 

Defense  Agencies 

Intel  Community 

Other  Federal 
gencies 

AlHes/Coalition 
armers 


Policy/Requirements 

$$$ 

Technology 


Policy,  Guidance,  Direction 
Approval/ Accreditation 
•  Solutions 
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DoD’s  View  of  Industry 


Commercial  users  willing  to  field  systems  with  less  than  adequate 
security 

Don’t  publicize  computer  security  probl°™c 
Most  decisions  are  cost-driven 


Cost/benefit 
Insurance 
Write-off  losses 


-  Pass  loss  on  to  customer  /N/ 

Not  a  lot  of  leading  edge  R&D  -market  focused 

Many  vendors  lack  long-term  R&D  Vision  necessary  to  solve  the  hard 
problems  (evolutionary  advances  -  function  vice  new  capabilities) 

Commercial  world  utilizes  high-cost  workarounds  to  implement 
security  solutions 

Virtually  all  commercial  work  based  on  previous  DoD  research  Slid 


DoD  IA  Policy 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


DoDD  8500. aa  -  Information  Assurance  (Roles  &  Responsibilities) 
DoDI  8500.bb  - 1 A  Implementation 

“Managing  information  assurance  as  a  quality  across  the  IT  life  cycle  - 
are  achieved  through  core  IA  initiatives  such  as  the  NIAP  and  the 
development  and  use  of  CCPP  and  evaluation  methods  for  COTS; 
through  the  DITSCAP  for  all  government  and  contractor  information 
systems  connected  to  the  GIG;  education,  training  and  awareness  for  IA 
and  IT  professionals  and  GIG  users;  the  IAVA  and  other  vulnerability 
management  processes;  incident  response;  continuity  planning;  and 
consequence  management.” 

•Establishes  threshold  assurance  levels  for  connection  to  the  GIG 
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National  Information  Assurance  Partnership 

NSTiSSiP-1 1 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Common 
Criteria  (CC) 
Evolution 


CC  Security  Target  & 
Protection  Profile 
Generation  Support 


Common  Criteria 
Test  Program 
Commercial  Lab 
Accreditation 


N  I  A 

Test  Methods  & 
Tools  Development 


Validated 
Product  List 
Publication 


NIST  /  NSA  JOINT  INITIATIVE 
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Strengthening  the  Links  to  Enable  IA 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Four  areas 
where  we  can 
help  each 
other ... 


Create 


Consolidate 


Commit 


Assist  in  our  efforts  to  innovate  (e.g.,  DARPA,  Service  Labs) 

Leverage  industry’s  market  research  w/our  resource  base 

Help  us  develop  the  tools,  techniques,  procedures  for  mutual  protection 


Assess  IA-related  efforts  in  a  broader  nation-wide  context 
Focus  on  priorities 


Be  part  of  our  solutions 

Find  the  “common  ground”  in  combating  terrorism; 


Implement  community  solutions  proven  effective 

for  a  given  environment 

Share  best  practices  and  lessons  learned 


Conduct 


Technology  &  Solutions 
Operations 
People 
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You  are  a  Critical  Piece  of  the 
Information  Dominance  Puzzle 


Information  Assurance  -  the  Active  Enabler  for  DoD  Information  Dominance 


Department 
of  Defense 


Business 

Sector 

"Y 

J 


Private 

Citizens 


Government  - 
State,  Local,  Federal 
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